Analysis
max time kernel: 150s
max time network: 125s
platform: windows10-2004_x64
resource: win10v2004-20240709-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
submitted: 21/07/2024, 17:49
Static task: static1
Behavioral task: behavioral1
Sample: 21b2fe6f61a3addeefd5375d6b9220016c9d0de6df80242c2771c0c2c24d6d55.exe
Resource: win7-20240705-en
Behavioral task: behavioral2
Sample: 21b2fe6f61a3addeefd5375d6b9220016c9d0de6df80242c2771c0c2c24d6d55.exe
Resource: win10v2004-20240709-en
General
Target: 21b2fe6f61a3addeefd5375d6b9220016c9d0de6df80242c2771c0c2c24d6d55.exe
Size: 1.6MB
MD5: a51b6ea36c95074022a1d75cf50ff03d
SHA1: 68d264386d390d0f8395895d69ec1d629c4d0361
SHA256: 21b2fe6f61a3addeefd5375d6b9220016c9d0de6df80242c2771c0c2c24d6d55
SHA512: 7df03e9ff1d4dd7d2376d7274cbc201b449aea002d7a4a543dd2b06502b42931db49b50629d2d50de569b907b1aca038a497ff81ecd2b853b6dac899b12b37ca
SSDEEP: 24576:97+ruBJ+lZfz3ObxtBEImd0fcU0vbC50j1Z8bDeL/EapfnGmnIV6BU8SHD1NJcjl:97xSd0fcU0vbCWjM2L/E0nGmZUnHRWt
Malware Config
Signatures
Executes dropped EXE (2 IoCs)
pid | Process
4836 | Logo1_.exe
1920 | 21b2fe6f61a3addeefd5375d6b9220016c9d0de6df80242c2771c0c2c24d6d55.exe
Enumerates connected drives (3 TTPs, 21 IoCs)
Attempts to read the root path of hard drives other than the default C: drive.
description | ioc | Process
File opened (read-only) | \??\P: | Logo1_.exe
File opened (read-only) | \??\G: | Logo1_.exe
File opened (read-only) | \??\Z: | Logo1_.exe
File opened (read-only) | \??\S: | Logo1_.exe
File opened (read-only) | \??\Q: | Logo1_.exe
File opened (read-only) | \??\N: | Logo1_.exe
File opened (read-only) | \??\Y: | Logo1_.exe
File opened (read-only) | \??\X: | Logo1_.exe
File opened (read-only) | \??\R: | Logo1_.exe
File opened (read-only) | \??\O: | Logo1_.exe
File opened (read-only) | \??\M: | Logo1_.exe
File opened (read-only) | \??\K: | Logo1_.exe
File opened (read-only) | \??\H: | Logo1_.exe
File opened (read-only) | \??\W: | Logo1_.exe
File opened (read-only) | \??\V: | Logo1_.exe
File opened (read-only) | \??\U: | Logo1_.exe
File opened (read-only) | \??\I: | Logo1_.exe
File opened (read-only) | \??\E: | Logo1_.exe
File opened (read-only) | \??\T: | Logo1_.exe
File opened (read-only) | \??\L: | Logo1_.exe
File opened (read-only) | \??\J: | Logo1_.exe
Drops file in Program Files directory (64 IoCs)
description | ioc | Process
File opened for modification | C:\Program Files\VideoLAN\VLC\locale\nb\LC_MESSAGES\_desktop.ini | Logo1_.exe
File created | C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\_desktop.ini | Logo1_.exe
File created | C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_neutral_split.scale-100_8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exe | Logo1_.exe
File created | C:\Program Files\VideoLAN\VLC\locale\fr\LC_MESSAGES\_desktop.ini | Logo1_.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\_desktop.ini | Logo1_.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\ar-ae\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\walk-through\images\themes\dark\_desktop.ini | Logo1_.exe
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\_desktop.ini | Logo1_.exe
File created | C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\_desktop.ini | Logo1_.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\css\_desktop.ini | Logo1_.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\da-dk\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\email\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files\VideoLAN\VLC\locale\fy\LC_MESSAGES\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files\Windows Defender\uk-UA\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrServicesUpdater.exe | Logo1_.exe
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\fi-fi\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files\Java\jdk-1.8\bin\native2ascii.exe | Logo1_.exe
File created | C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Microsoft.Msn.Controls\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\collect_feedback\js\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\ca-es\_desktop.ini | Logo1_.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\task-handler\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\_desktop.ini | Logo1_.exe
File created | C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_neutral_split.scale-100_8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini | Logo1_.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\ENU\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\plugins\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files-select\js\_desktop.ini | Logo1_.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\ar-ae\_desktop.ini | Logo1_.exe
File created | C:\Program Files\VideoLAN\VLC\locale\mr\_desktop.ini | Logo1_.exe
File created | C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\Assets\_desktop.ini | Logo1_.exe
File created | C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Speech\en-GB\_desktop.ini | Logo1_.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\sl-sl\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files\Mozilla Firefox\defaults\_desktop.ini | Logo1_.exe
File created | C:\Program Files\VideoLAN\VLC\locale\mk\LC_MESSAGES\_desktop.ini | Logo1_.exe
File created | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.DesktopAppInstaller_1.0.30251.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-white\_desktop.ini | Logo1_.exe
File created | C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\pt-PT\View3d\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\css\core\_desktop.ini | Logo1_.exe
File created | C:\Program Files (x86)\Common Files\Adobe\Acrobat\_desktop.ini | Logo1_.exe
File created | C:\Program Files\VideoLAN\VLC\locale\be\_desktop.ini | Logo1_.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\zh-cn\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\root\_desktop.ini | Logo1_.exe
File created | C:\Program Files (x86)\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Test\Modules\Example3.Diagnostics\2.0.1\Diagnostics\Simple\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\uk-ua\_desktop.ini | Logo1_.exe
File created | C:\Program Files\VideoLAN\VLC\lua\meta\reader\_desktop.ini | Logo1_.exe
File created | C:\Program Files\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Test\Modules\Example2.Diagnostics\_desktop.ini | Logo1_.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\eu-es\_desktop.ini | Logo1_.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\hu-hu\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files (x86)\Microsoft\Temp\_desktop.ini | Logo1_.exe
File created | C:\Program Files\Java\jre-1.8\lib\security\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\win8-scrollbar\_desktop.ini | Logo1_.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\hr-hr\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\zh-cn\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\ca-es\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files\WindowsApps\Microsoft.XboxIdentityProvider_12.50.6001.0_x64__8wekyb3d8bbwe\XboxIdp.exe | Logo1_.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\ar-ae\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\sv-se\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\pages-app\js\nls\sv-se\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateCore.exe | Logo1_.exe
File opened for modification | C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\fr-FR\_desktop.ini | Logo1_.exe
File created | C:\Program Files\WindowsApps\Microsoft.Xbox.TCUI_1.23.28002.0_x64__8wekyb3d8bbwe\TCUI-Toolkit\Images\_desktop.ini | Logo1_.exe
File created | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\EBWebView\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\ResiliencyLinks\Extensions\_desktop.ini | Logo1_.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\css\_desktop.ini | Logo1_.exe
Drops file in Windows directory (4 IoCs)
description | ioc | Process
File created | C:\Windows\rundl132.exe | 21b2fe6f61a3addeefd5375d6b9220016c9d0de6df80242c2771c0c2c24d6d55.exe
File created | C:\Windows\Logo1_.exe | 21b2fe6f61a3addeefd5375d6b9220016c9d0de6df80242c2771c0c2c24d6d55.exe
File opened for modification | C:\Windows\rundl132.exe | Logo1_.exe
File created | C:\Windows\vDll.dll | Logo1_.exe
Runs net.exe
-
Suspicious behavior: EnumeratesProcesses (20 IoCs)
pid | Process
4836 | Logo1_.exe (20 identical entries)
Suspicious use of WriteProcessMemory (17 IoCs)
description | pid | Process | procid_target
PID 1576 wrote to memory of 448 | 1576 | 21b2fe6f61a3addeefd5375d6b9220016c9d0de6df80242c2771c0c2c24d6d55.exe | 84 (3 entries)
PID 1576 wrote to memory of 4836 | 1576 | 21b2fe6f61a3addeefd5375d6b9220016c9d0de6df80242c2771c0c2c24d6d55.exe | 85 (3 entries)
PID 4836 wrote to memory of 2184 | 4836 | Logo1_.exe | 86 (3 entries)
PID 2184 wrote to memory of 3352 | 2184 | net.exe | 89 (3 entries)
PID 448 wrote to memory of 1920 | 448 | cmd.exe | 90 (3 entries)
PID 4836 wrote to memory of 3432 | 4836 | Logo1_.exe | 56 (2 entries)
Processes
- C:\Windows\Explorer.EXE (PID 3432), command line: C:\Windows\Explorer.EXE
  - C:\Users\Admin\AppData\Local\Temp\21b2fe6f61a3addeefd5375d6b9220016c9d0de6df80242c2771c0c2c24d6d55.exe (PID 1576), command line: "C:\Users\Admin\AppData\Local\Temp\21b2fe6f61a3addeefd5375d6b9220016c9d0de6df80242c2771c0c2c24d6d55.exe"
    Signatures: Drops file in Windows directory; Suspicious use of WriteProcessMemory
    - C:\Windows\SysWOW64\cmd.exe (PID 448), command line: C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a9ED0.bat
      Signatures: Suspicious use of WriteProcessMemory
      - C:\Users\Admin\AppData\Local\Temp\21b2fe6f61a3addeefd5375d6b9220016c9d0de6df80242c2771c0c2c24d6d55.exe (PID 1920), command line: "C:\Users\Admin\AppData\Local\Temp\21b2fe6f61a3addeefd5375d6b9220016c9d0de6df80242c2771c0c2c24d6d55.exe"
        Signatures: Executes dropped EXE
    - C:\Windows\Logo1_.exe (PID 4836), command line: C:\Windows\Logo1_.exe
      Signatures: Executes dropped EXE; Enumerates connected drives; Drops file in Program Files directory; Drops file in Windows directory; Suspicious behavior: EnumeratesProcesses; Suspicious use of WriteProcessMemory
      - C:\Windows\SysWOW64\net.exe (PID 2184), command line: net stop "Kingsoft AntiVirus Service"
        Signatures: Suspicious use of WriteProcessMemory
        - C:\Windows\SysWOW64\net1.exe (PID 3352), command line: C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize 244KB
  MD5 3c2203f349aa22e2046dc72ad062b9f7
  SHA1 93d78bcc8ee5a0c33deb724d7b1e5bd54577de8a
  SHA256 e341c06beacaa19de066408d9fb71b11f9def1634b9f3650ed8597a7a3355bce
  SHA512 9123d8606942b0ad0b8b5b4609ba0b1ca77a00b3ab9f33885b71d83ad21785d310489a5122eabcc5f6adef162e63702253daea83b51d65ce4fffb8d7c96628e8
- Filesize 570KB
  MD5 3ad01c25e51b74ccb86fc1d464457d9a
  SHA1 da942110137984eaaf7dad09c7edc0ce97b04982
  SHA256 4e1e4ec693ee8b37e6bef82e78212087048199b70d8cdc0f944b51731f7e159d
  SHA512 03e888cfdf02142ece1910051932b90695a849193d15dfe4abc2feb81b7f338ead021250bd096c208a01f219af412a9c601730966b61b6383de765d68658448f
- C:\ProgramData\Package Cache\{63880b41-04fc-4f9b-92c4-4455c255eb8c}\windowsdesktop-runtime-8.0.2-win-x64.exe
  Filesize 636KB
  MD5 2500f702e2b9632127c14e4eaae5d424
  SHA1 8726fef12958265214eeb58001c995629834b13a
  SHA256 82e5b0001f025ca3b8409c98e4fb06c119c68de1e4ef60a156360cb4ef61d19c
  SHA512 f420c62fa1f6897f51dd7a0f0e910fb54ad14d51973a2d4840eeea0448c860bf83493fb1c07be65f731efc39e19f8a99886c8cfd058cee482fe52d255a33a55c
- Filesize 722B
  MD5 43c27a9bee3d5f5d2410fb18fef34c2d
  SHA1 594ce7c5ea28d132bfde205987f4063388c8cca5
  SHA256 71e394b416d46d111089980905e0db035e731f40fe857913b7e140cd474402ab
  SHA512 c596cc28a0858b6f3cb44b691b7bcf12910b1338afffedee02ca2345bedbb7827431a9ee852949aa3488a99a06017430f634c89bc7becb5fd42d8e0aff4398ac
- C:\Users\Admin\AppData\Local\Temp\21b2fe6f61a3addeefd5375d6b9220016c9d0de6df80242c2771c0c2c24d6d55.exe.exe
  Filesize 1.6MB
  MD5 2f1b439fd1f15f43152be897992846be
  SHA1 d228752fc169c6ade421478f91e1b7bbf69d65c5
  SHA256 d336a0b1a4a71f31730877b98c8ca6bf1f32543bcd910bed7c0f3e7f26a25f47
  SHA512 57d9f6b9c0a62027c45ebb3627faf8b44ec7c66d4635d057a6871b2507ca52d68d871b63b0869181abef5de7053e9e37efd62ea1f5c5e46dc7e2055d7599dcd9
- Filesize 26KB
  MD5 11ea1edd35759a6d8d4b6c8cdbcef148
  SHA1 758e0f7e1742f411e3835ca691cf64c24756945d
  SHA256 76317f6340de7844413cbb84531dc8be88600eb35dfafeaf2a55db88cd9ead16
  SHA512 aabd5cc419ecaca3bfeccdd8b5af08cb331974aa781245341a7e91247eac8dafb086e0a413348cd16fb56afe6d522a31a940afc03ca1dff481d7b20f0cfc4ceb
- Filesize 9B
  MD5 2efce5174bcf8d378a924333f75e26ad
  SHA1 4fe6e1d729b55d42eb9d74aca11b36a94402de14
  SHA256 04ccb9bec2864153c72852867d8e65dca07eca4e5edcfb4beb62cb364dcd91fa
  SHA512 24684969632fb0562a3a7a5fec91d869d627730d8e9d83a2b17e326d7047e3fbff205eec207914e42ecd50fef68a212c19f3599ded271c00e66acc22f1f04c16